Changelog History

  • v0.6.1 Changes

    July 29, 2011
    • Fix XSS check for cookies as parameters in output
    • Don't bother calling super in CheckSessionSettings
    • Add escape_once as a safe method
    • Accept '\Z' or '\z' in model validations
  • v0.6.0 Changes

    July 20, 2011
    • Tests are in place and fully functional
    • Hide errors by default in HTML output
    • Warn if routes.rb cannot be found
    • Narrow methods assumed to be file access
    • Increase confidence for methods known to not escape output
    • Fixes to output processing for Erubis
    • Fixes for Rails 3 XSS checks
    • Fixes to line numbers with Erubis
    • Fixes to escaped output scanning
    • Update CSRF CVE-2011-0447 message to be less assertive
  • v0.5.2 Changes

    June 29, 2011
    • Output report file name when finished
    • Add initial tests for Rails 2.x
    • Fix ERB line numbers when using Ruby 1.9
  • v0.5.1 Changes

    June 17, 2011
    • Fix issue with 'has_one' => in routes
  • v0.5.0 Changes

    June 08, 2011
    • Add support for routes like get 'x/y', :to => 'ctrlr#whatever'
    • Allow empty blocks in Rails 3 routes
    • Check initializer for session settings
    • Add line numbers to session setting warnings
    • Add --checks option to list checks
  • v0.4.1 Changes

    May 23, 2011
    • Fix reported line numbers when using new Erubis parser (Mostly affects Rails 3 apps)
  • v0.4.0 Changes

    May 19, 2011
    • Handle Rails XSS protection properly
    • More detection options for rails_xss
    • Add --escape-html option
  • v0.3.2 Changes

    May 12, 2011
    • Autodetect Rails 3 applications
    • Turn on auto-escaping for Rails 3 apps
    • Check Model.create() for mass assignment
  • v0.3.1 Changes

    May 03, 2011
    • Always output a line number in tabbed output format
    • Restrict characters in category name in tabbed output format to word characters and spaces, for Hudson/Jenkins plugin
  • v0.3.0 Changes

    March 21, 2011
    • Check for SQL injection in calls using constantize()
    • Check for SQL injection in calls to count_by_sql()
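The v0.6.1 entry "Accept '\Z' or '\z' in model validations" refers to a check on `validates_format_of` patterns: in Ruby, `^` and `$` are line anchors, so a regex such as `/^[a-z0-9_]+$/` still matches a value that carries a payload after a newline, while `\A` and `\z` (or `\Z`, which also tolerates one trailing newline) anchor to the whole string. The following is an added example, not Brakeman's own code: it shows the bypass on a constructed input and a deliberately simplified `format_validation_weak?` check that stands in for the scanner's logic (names and heuristics are assumptions for illustration).

```ruby
# Added example, not part of Brakeman. Demonstrates why Rails format
# validations must use \A ... \z (or \Z) rather than ^ ... $.

# In Ruby, ^ and $ match at line boundaries, not at string boundaries.
USERNAME_LINE_ANCHORED   = /^[a-z0-9_]+$/       # weak: only checks one line
USERNAME_STRING_ANCHORED = /\A[a-z0-9_]+\z/     # correct: whole string
USERNAME_Z_ANCHORED      = /\A[a-z0-9_]+\Z/     # correct, but allows one trailing "\n"

# Constructed attacker input: a valid-looking first line followed by a payload.
PAYLOAD = "alice\n<script>alert(1)</script>"

# Stand-in for what validates_format_of(:username, :with => regex) decides.
def matches?(regex, value)
  regex.match?(value)
end

# Simplified static check (an assumption, not the scanner's real rule):
# a pattern is considered safe when it starts with \A and ends with \z or \Z;
# otherwise it is flagged if it relies on ^ or $ for anchoring.
def format_validation_weak?(regex)
  src = regex.source
  anchored_start = src.start_with?('\A')
  anchored_end   = src.end_with?('\z') || src.end_with?('\Z')
  return false if anchored_start && anchored_end
  # A trailing "\$" is a literal dollar sign, not an anchor.
  src.start_with?('^') || (src.end_with?('$') && !src.end_with?('\$'))
end

if __FILE__ == $0
  [USERNAME_LINE_ANCHORED, USERNAME_STRING_ANCHORED, USERNAME_Z_ANCHORED].each do |re|
    puts "#{re.inspect}: accepts payload=#{matches?(re, PAYLOAD)} " \
         "weak=#{format_validation_weak?(re)}"
  end
end
```

Run it to see that only the `^`/`$` pattern accepts the two-line payload; the `\Z` form rejects the payload but still accepts `"alice\n"`, which is why `\z` is the stricter choice when a trailing newline must not pass.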